• Understanding the UNION ATTACK

    https://portswigger.net/web-security/sql-injection/union-attacks
    SQL injection UNION attacks
    When an application is vulnerable to SQL injection and the results of the query are returned within the application's responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack. The UNION keyword lets you execute one or more additional SELECT queries and…

  • Lab 2 : SQL injection vulnerability allowing login bypass

    Problem Statement: This lab contains an SQL injection vulnerability in the login function. To solve the lab, perform an SQL injection attack that logs in to the application as the administrator user. Access the lab
    Solution: Next --> Type username as = ' OR 1=1-- --> type any password Next I am logged in
    Understanding the Solution…

  • LAB 1: SQL Injection Vulnerability in WHERE clause allowing retrieval of hidden data.

    Problem Statement: This lab contains an SQL injection vulnerability in the product category filter. When the user selects a category, the application carries out an SQL query like the following:
    SELECT * FROM products WHERE category = 'Gifts' AND released = 1
    To solve the lab, perform an SQL injection attack that causes the application to…

  • What is SQL Injection?

    SQL injection is a type of security vulnerability that occurs when an attacker is able to insert malicious code into an SQL statement. The purpose of this injection is to manipulate the database and retrieve sensitive information, modify or delete data, or even take control of the entire system. Here’s a simple example: Suppose a…